At Smile Checks, protecting your data, and your candidates' data, is a top priority. We are committed to handling personal information responsibly, ethically, and in accordance with applicable data privacy laws and best practices.
This article outlines our compliance policies and how your organization can align with them when using Smile Checks for pre-employment background verification.
Candidate Consent Requirements
Before Smile Checks can initiate a background check, informed consent from the candidate is mandatory.
- Candidates are prompted to review and agree to a clear consent statement before they can access or submit the onboarding form.
- This ensures compliance with the Philippine Data Privacy Act of 2012 and international standards like the General Data Protection Regulation (GDPR).
- Consent covers:
  - The collection and processing of their personal data
  - User-permissioned access to external systems (e.g., government or third-party platforms, where applicable and if provided by the candidate)
  - Sharing of their report with the requesting employer or authorized parties
Employers are not permitted to submit on behalf of a candidate or use third-party information without proper consent.
Data Retention and Deletion Policies
Smile Checks follows a strict data minimization and retention policy:
- Maximum Retention Period: Candidate data (forms, documents, and results) is retained for a maximum of 60 days from submission.
- Earlier Deletion: If the candidate revokes access to their linked accounts or withdraws consent, their data is immediately and permanently removed from our systems.
- Expired Records: Once expired, all related documents and access tokens are purged from our servers. Employers are encouraged to download reports immediately upon receipt and maintain their own secure copies as needed.
This policy helps limit long-term data exposure and supports compliance with both local and global data privacy mandates.
Compliance with Data Privacy Laws
Smile Checks is designed with data protection compliance at its core. Our system and workflows follow key principles from:
- Data Privacy Act of 2012 (Philippines)
- General Data Protection Regulation (GDPR)
- Other global data protection frameworks where applicable
We implement the following principles:
- Purpose Limitation: Data is collected and used only for the background checks explicitly requested and consented to.
- Data Minimization: We only collect information strictly necessary to perform the requested checks.
- Right to Access & Erasure: Candidates can request access to their data or revoke access at any time.
- Transparency: Candidates are informed about how their data will be used, processed, and stored.
Smile Checks Security Measures
Smile Checks uses industry-standard security practices to protect sensitive data:
- End-to-End Encryption: All data transmitted and stored is encrypted using modern cryptographic protocols.
- Role-Based Access: Only authorized team members have access to background check data via their accounts.
- Auto-Expiration: Candidate-shared account links and access tokens expire after a set period or when access is revoked.
- Secure Storage: All files and reports are stored in secure, access-controlled environments until deletion.
- Incident Management: We maintain policies and procedures for timely detection and response to data breaches, if any.
We encourage users to:
- Always use strong passwords
- Limit access to reports to authorized HR personnel only
- Refrain from sharing downloaded reports via unsecured channels
Need Help?
For questions regarding your organization's data obligations or how Smile Checks manages privacy, feel free to reach out to our General Support Team. We're here to support your compliance journey while keeping things simple, safe, and secure.